110273-110278
U.S. Department of Justice
National Institute of Justice


This document has been reproduced exactly as received from the 
person or organization originating it. Points of view or opinions stated 
in this document are those of the authors and do not necessarily 
represent the official position or policies of the National Institute of 
Justice. 


Permission to reproduce this copyrighted material has been
granted by
FBI Law Enforcement Bulletin
to the National Criminal Justice Reference Service (NCJRS).

Further reproduction outside of the NCJRS system requires permission of the copyright owner.




1 Recruiting Police From College
By Ordway P. Burden

7 Executing Search Warrants in an Office Automation Environment
By Charles Luisi, Wallace R. Zeins, and Alan E. Brill

12 Law Enforcement and Financial Institutions: A Need to Train and Communicate
By Roger Zeihen, Michael Zeihen, and Thomas E. Burg

15 Book Review

16 Operation Defcon: A Multiagency Approach to Defense Fraud Investigations
By Kathleen L. McChesney

20 Power Theft: The Silent Crime
By Karl A. Seger and David J. Icove

26 The Electronic Communications Privacy Act: Addressing Today’s Technology (Part II)
By Robert A. Fiatal

31 Wanted by the FBI


Law Enforcement Bulletin

United States Department of Justice
Federal Bureau of Investigation
Washington, DC 20535
William S. Sessions, Director

The Attorney General has determined that the publication of this periodical is necessary in the transaction of the public business required by law of the Department of Justice. Use of funds for printing this periodical has been approved by the Director of the Office of Management and Budget through June 6, 1988.

Published by the Office of Congressional and Public Affairs,
Milt Ahlerich, Assistant Director

Editor—Thomas J. Deakin
Production Manager/Reprints—Mark A. Zettler

The Cover: A police cadet gains field experience assisting a lost child (see article p. 1).

The FBI Law Enforcement Bulletin (ISSN-0014-5688) is published monthly by the Federal Bureau of Investigation, 10th and Pennsylvania Ave., N.W., Washington, DC 20535. Second-Class postage paid at Washington, DC.

ISSN 0014-5688
USPS 383-310


White Collar Crime

Executing Search Warrants in an Office Automation Environment

By
CAPT. CHARLES LUISI
Chief Investigator
DET. SGT. WALLACE R. ZEINS
Deputy Chief Investigator
and
ALAN E. BRILL
Director
Investigative Support Information Systems
Department of Investigation
New York, NY

Editor’s Note: This article does not address certain legal issues associated with executing a search warrant in an office environment. Law enforcement officers preparing to execute such warrants should consult their legal adviser.

In the past, execution of a documentary search warrant was a fairly straightforward business. Once the warrant was presented, you set about examining all documents that you could find, searching for those covered by the warrant, which you would log and seize.

Today, most business organizations, even the smallest, have either memory typewriters or computer word processors. In today’s technological environment, officers executing a warrant are faced with a series of challenges.¹ Does the search site contain computers or memory typewriters which could contain evidence? Does your warrant authorize you to search computer files or typewriter electronic memories? With memory typewriters, word processing programs, and personal computers, do you know how to read the memory, which may be in the form of tapes, disks, memory cartridges, or built permanently into the machine?


Identifying Office Automation 


Before executing a search warrant, it is important to determine whether the site has computers or word processing memory typewriters. Computers range in size from room-sized mainframes to small, desktop personal computers. With their screens and printers, they are generally quite recognizable. However, there are small, laptop machines which can easily be concealed. Such small machines can store vast amounts of data.

The memory typewriter is frequently much more difficult to identify. While some have full TV-type screens, others have only a small display screen of one line and 10-40 characters. Still others have no special display and appear to be regular typewriters. Considering today’s technological environment, it is wise to assume that all typewriters have memory capabilities until it has been established on an individual basis that they do not. Therefore, to avoid intentional erasures of evidence, prohibit personnel at the search site from using any typewriter until the machine has been specifically cleared.

March 1988 / 7

[Photograph: Sergeant Zeins]

When examining a machine to determine whether it has memory features, first ask the operators if the machine can store documents or look at the labels. If a label mentions the word “memory” or “word processor,” the machine will have to be electronically searched. Next, determine whether there are removable storage devices. Look for slots where disks can be inserted and removed from the machine or memory cartridges that can hold hundreds of pages in an electronic memory chip. Some earlier-dated equipment stores data on magnetic cards or tape cartridges. If the machine accepts any form of tape or disk, it has memory capabilities and must be searched.

On machines where there are no removable memory devices, carefully examine the keyboard for keys marked “store,” “read,” “write,” “recall,” “index,” or any other similar markings. A key labeled “code” indicates that there are functions that can be called by pressing the code key either before or at the same time as another key. The code key is sometimes labeled “control” or “ctrl.” On some older IBM memory typewriters, there is a control wheel adjacent to the keyboard with memory area numbers from 7 to 50 marked on it. When a machine has these keys or dials, it indicates that the machine has the capability of storing data within the machine itself. In such cases, avoid unplugging the machine at any time, as it is possible that some of the memory may be volatile and be lost if power is interrupted.

Because of difficulties associated with having to search unfamiliar equipment, it is important to obtain, if possible, a general description of the office automation equipment in use at the location to be searched. If a manufacturer and/or model number can be obtained, this obviously allows the search team to plan accordingly.

Of course, this is simply an extension of the intelligence gathering that always precedes the successful execution of a warrant. In the case of office automation, this knowledge can be the difference between finding evidence or missing it completely. After all, those at the search site are not required to assist in the search. And instruction books, which are rarely found (once the operator understands the machine, the instructions are generally lost), are not particularly useful.

Realistically, it is practically impossible to become completely familiar with any piece of equipment in a short period of time from an instruction book. Remember that those who have information to conceal can use computers and business machines to their advantage. It is easy to hide completely the existence of a sensitive file from detection by the normal means described in instruction manuals.

Your list of intelligence gathering requirements, therefore, should include the following questions:

—Are there computers or word processors at the search site?

—If so, what brand and/or model?

—Are the machines used for word processing, data management, or financial analysis?

—What programs are used? If this can be determined, seek a person qualified in the use of the program to assist in the search.

—How sophisticated is the target organization in the use of their equipment? Sophisticated users can employ advanced techniques to hide data files.

[Photograph: Director Brill]


Conforming Warrants to Technology 

When defining the scope of the search warrant, it is important to include provisions authorizing the operation and search of automated systems. The language should authorize law enforcement officers to use the services of experts, as required. The warrant should also include authorization to search both the machine’s memory and its machine-readable files. The following language was used in a recent warrant executed for a U.S. attorney in the Eastern District of New York.

“As some or all of the above described records may be stored by means of a computerized information system, the items and materials to be searched shall include the following equipment components: central processing unit, printers, terminals (keyboards and display screens), magnetic tape drives, and magnetic disk drives; and storage media: magnetic tapes, magnetic disks, punched cards, paper tapes, and computer printouts. The Deputy United States Marshals conducting this search are authorized to utilize the services of computer experts, who may not be federal law enforcement officers, in order to use and operate the computer terminals at the above specified location for the purpose of retrieving the above specified computerized record information during the course of the above authorized search, provided that such experts operate under the direction, supervision, and control of the Deputy United States Marshals.”

Recent changes in technology warrant a recommendation that this wording be expanded to include optical disk drives and optical disk storage media. Devices using laser technology are scheduled for wide use within the next year and will permit storage of up to one gigabyte (1,000 million characters) on a single 5¼-inch diameter optical disk. New devices also permit paper files to be replaced by video disks, each of which can store 100,000 or more document images.


Conducting Automation Searches 


A technically qualified staff, proper supplies, and a plan of action are needed to conduct a search. As noted above, there are hundreds of combinations and permutations of hardware and software in use. Your ability to properly execute the search warrant depends on your ability to locate people who can search the office automation equipment. There are several sources.

Your department may use computers or office automation, and those involved in the development or use of these systems, even if they are administrative rather than sworn personnel, are the first place to look for help. Identify those who have knowledge of or experience with computers. (A growing number of sworn personnel have home computers and routinely use word processing and data management programs in their investigations.) In larger departments, more permanent arrangements can be made. At the New York City Department of Investigation, the Investigative Support Information Systems Unit, which develops in-house systems, provides the technical support for searches of automated offices.

Look to other government entities for assistance. While the police function may not have an in-house staff of technical experts, another agency may. In a cooperative local/State/Federal investigation, one law enforcement organization may well be able to support the other with a technical staff.

Many departments have established a working relationship with the computer stores where they purchase their equipment. In some cases, it may be possible to gain the cooperation of the store’s technical staff for assistance.

Determine whether there are consultants who could assist on an “as needed” basis. While many require payment of fees, some—particularly larger firms—may provide the service on a pro bono basis.

Once the staffing for the search is determined, supplies become important. While it is possible to seize small business machines, others are too cumbersome. And the cost of safeguarding a large machine for a long period when it must be left on site may be excessive. Therefore, take along on the search everything needed to operate the computer successfully and produce any evidence contained therein, e.g., blank computer printout paper, blank disks or tapes to copy files, and appropriate software. We routinely bring along programs that will enable us to copy files, examine them, and even remedy cases in which search targets suddenly erase files from their disks when the warrant is first executed. We can, in most cases, actually “unerase” the files using low-cost software.

This brings up a vital point. It is very easy to destroy computerized records. On most computers, typing a simple command is all that is needed to blank out millions of characters of disk storage within seconds. Therefore, as a matter of policy, immediately take steps to move personnel at the search site away from all business machines, including typewriters, when the search warrant is executed. In these cases, seconds literally count.

Procedurally, the search of a machine is no different than a search of a file cabinet. It should be done by a team of two persons, a “searcher” and a “recorder.” Begin by making an inventory of the storage media, identifying those disks or tapes that will have to be electronically searched. Remember that the label on a disk may not represent its true contents! Also remember that most personal computers have “hard disks” built into them that are not visible, but which hold tens of millions of characters of data. On memory typewriters, too, the storage devices may well be incorporated into the basic structure of the machine and not be a separate device.

[Photograph caption: These magnetic disks can store up to 1 million characters of text or the equivalent of 400 pages.]

[Photograph caption: When examining a machine, look for indications of a memory capability.]

For each disk or tape (including built-in disks or memory devices), proceed to identify the files stored. This may be done through the use of word or file processing software or by the use of the computer’s built-in directory search commands. Sophisticated users can easily hide files so that the names of selected files will not show up on normal directory listings. Consider the use of special software to identify these hidden files.
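
The hidden-file and “unerase” points above can be shown on the directory format used by many personal computer disks. This is an added example, not part of the original article: it assumes the FAT 8.3 directory layout (the article names no disk format), and the sample entries and file names are constructed.

```python
import struct

# FAT 8.3 directory entry: name, extension, attribute byte, 14 bytes of
# reserved/timestamp fields, first cluster, size. Format assumed for this example.
ENTRY = struct.Struct("<8s3sB14xHI")          # 32 bytes per entry
ATTR_HIDDEN, ATTR_SYSTEM, ATTR_VOLUME = 0x02, 0x04, 0x08
ERASED = 0xE5                                 # first name byte of an erased entry

def make_entry(name, ext, attr, cluster, size, erased=False):
    """Build one constructed directory entry for the sample data below."""
    raw = bytearray(ENTRY.pack(name.ljust(8).encode(), ext.ljust(3).encode(),
                               attr, cluster, size))
    if erased:
        raw[0] = ERASED
    return bytes(raw)

def scan_directory(raw):
    """List every entry in a raw directory region, including those an
    ordinary directory listing leaves out (hidden, system, erased)."""
    found = []
    for off in range(0, len(raw) - ENTRY.size + 1, ENTRY.size):
        name, ext, attr, cluster, size = ENTRY.unpack_from(raw, off)
        if name[0] == 0x00:                   # end of the used entries
            break
        if attr & ATTR_VOLUME:                # volume label, not a file
            continue
        flags = [label for bit, label in ((ATTR_HIDDEN, "hidden"),
                                          (ATTR_SYSTEM, "system")) if attr & bit]
        if name[0] == ERASED:                 # first character is overwritten
            name = b"?" + name[1:]
            flags.insert(0, "erased")
        text = name.decode("ascii", "replace").rstrip()
        suffix = ext.decode("ascii", "replace").rstrip()
        found.append({"name": text + ("." + suffix if suffix else ""),
                      "flags": flags, "first_cluster": cluster, "size": size})
    return found

def needs_review(entries):
    """Entries that would not appear in a normal directory listing."""
    return [e for e in entries if e["flags"]]

# Constructed sample directory: one ordinary file, one hidden, one erased.
SAMPLE_DIR = b"".join([
    make_entry("LETTER", "DOC", 0x20, 2, 4096),
    make_entry("LEDGER2", "WKS", 0x20 | ATTR_HIDDEN, 5, 18432),
    make_entry("PAYMENTS", "DBF", 0x20, 9, 51200, erased=True),
]) + bytes(ENTRY.size)

if __name__ == "__main__":
    for e in needs_review(scan_directory(SAMPLE_DIR)):
        print(e)
```

An erased entry keeps its starting cluster and size but not its allocation chain, so recovery from these fields is reliable only when the file was stored contiguously and has not been overwritten.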

Examine each file on the screen to determine whether it falls within the bounds of the warrant. Consult with the prosecutor to determine whether, should you find relevant material, to seize the original files (which in many cases requires seizing the entire machine, which may contain volumes of material that are beyond the scope of the search warrant) or simply print out the file and mark it appropriately. In the case of large data base files, the appropriate option might be to produce a copy on your own magnetic disks. Of course, the copying process would have to be fully controlled and documented to assure that the copy was faithful to the original file in all respects. The specific evidentiary requirements for computer files and computer-produced data are beyond the scope of this article and differ by jurisdiction. However, these requirements should be included in the planning.
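
One way to make a copy that is controlled, documented, and checkably faithful, as the paragraph above requires. This is an added example, not the authors' procedure: the SHA-256 comparison, the log layout, and all file names are assumptions, and the “searcher” and “recorder” fields follow the two-person team described earlier.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 16):
    """Digest a file in chunks so large data base files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def documented_copy(src, dst, log_path, searcher, recorder):
    """Copy src to dst, re-read both, and append the outcome to a log."""
    before = sha256_file(src)
    # The source is opened read-only; "xb" refuses to overwrite an earlier copy.
    with open(src, "rb") as fin, open(dst, "xb") as fout:
        for block in iter(lambda: fin.read(1 << 16), b""):
            fout.write(block)
    after = sha256_file(src)
    copied = sha256_file(dst)
    record = {
        "time_utc": datetime.now(timezone.utc).isoformat(),
        "source": src, "copy": dst, "size_bytes": os.path.getsize(dst),
        "sha256_source_before": before, "sha256_source_after": after,
        "sha256_copy": copied, "source_unchanged": before == after,
        "copy_faithful": before == after == copied,
        "searcher": searcher, "recorder": recorder,
    }
    with open(log_path, "a", encoding="utf-8") as log:
        log.write(json.dumps(record, sort_keys=True) + "\n")
    return record

def still_matches(record):
    """Re-hash the copy later and compare it with the logged digest."""
    return sha256_file(record["copy"]) == record["sha256_copy"]

def demo():
    """Constructed sample: copy a small file, then alter the copy afterwards."""
    with tempfile.TemporaryDirectory() as d:
        src, dst, log = (os.path.join(d, n) for n in
                         ("LEDGER.DBF", "copy_001.bin", "copy_log.jsonl"))
        with open(src, "wb") as f:
            f.write(b"constructed sample record\r\n" * 100)
        rec = documented_copy(src, dst, log, "searcher A", "recorder B")
        intact = still_matches(rec)
        with open(dst, "ab") as f:            # simulate a later alteration
            f.write(b"x")
        return rec["copy_faithful"], intact, still_matches(rec)

if __name__ == "__main__":
    print(demo())
```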


Conclusion 


Computerized records represent the most significant challenge to those executing a documentary search warrant. As technology evolves, more and more businesses, individuals, and governmental bodies will have increasingly sophisticated office automation systems. Clearly, the degree to which you obtain the evidence you are seeking will depend in large part on your ability to search computer-based information storage and processing systems.

Footnote

¹John Gales Sauls, “Raiding the Computer Room: Fourth Amendment Considerations,” FBI Law Enforcement Bulletin, vol. 55, No. 5 (Part 1) May 1986, p. 25; No. 6 (Conclusion) June 1986, p. 24.


